Gentoo Bug 118096 - net-www/mod_auth_pgsql: Multiple Format String Vulnerabilities (CVE-2005-3656)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	118096
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Guillaume Castagnino <casta@xwing.info>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 118096 depends on:			Show dependency tree
Bug 118096 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-01-06 13:50 0000

Multiple vulnerabilities were identified in mod_auth_pgsql for Apache2, which
could be exploited by remote attakers to execute arbitrary commands.

See changelog :
2.0.3       2006-01-05 (Giuseppe Tanzilli <info@giuseppetanzilli.it>)
                    - Security fix from iDefense Security Advisory [IDEF1245]
                    - many bug fix

Simple bump work very well for me (ebuild here :
http://gentoo.xwing.info/net-www/mod_auth_pgsql/mod_auth_pgsql-2.0.3.ebuild )
please upgrade quickly !

Regards

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-01-07 06:42:01 0000 -------

one of the 2 maintainer herds, pls provide fixed packages, thx

------- Comment #2 From Luca Longinotti 2006-01-07 09:13:30 0000 -------

net-www/mod_auth_pgsql-2.0.3 is in the tree now.
Best regards, CHTEKK.

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-01-07 09:20:00 0000 -------

arches, you know the deal - test and mark stable, thx

------- Comment #4 From Jakub Moc (RETIRED) 2006-01-07 09:36:20 0000 -------

*** Bug 114395 has been marked as a duplicate of this bug. ***

------- Comment #5 From Tobias Scherbaum 2006-01-07 13:54:17 0000 -------

Marked ppc stable

------- Comment #6 From Mark Loeser 2006-01-07 21:49:45 0000 -------

x86 done

------- Comment #7 From Simon Stelling (RETIRED) 2006-01-08 09:40:53 0000 -------

amd64 stable

------- Comment #8 From Stefan Cornelius (RETIRED) 2006-01-08 09:43:28 0000 -------

ready for a sweet nice glsa

------- Comment #9 From Stefan Cornelius (RETIRED) 2006-01-10 21:33:49 0000 -------

GLSA 200601-05
Thanks to everybody involved.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 118096

net-www/mod_auth_pgsql: Multiple Format String Vulnerabilities (CVE-2005-3656)

Last modified: 2006-01-10 21:33:49 0000